Friday, July 26, 2013

What it feels like to be a victim of Online crime

I normally like to view the internet as a fairly benign and safe place, but I have been a victim of cyber crime three times in recent years. I don't think this will have a major impact upon my habits, but I suppose it is natural that it will make me a bit more cautious online.

Here are the details of the incidents:

eBay
I normally only use eBay to buy items, but a few years ago I was getting rid of some old gadgets and decided to see if I could sell them via eBay. Shortly after I placed the items for sale I got two emails enquiring about details of the laptop that I had for sale. This puzzled me since I wasn't selling any laptop. Shortly after this I got an email from eBay customer support saying that they were suspending my rights to sell on eBay due to suspicious activity on my account.

I still am not sure exactly what happened, but I think that someone was advertising laptops for sale on eBay such that the payments would go to the criminals and the irate customers would contact me when the laptops never arrived. I changed the password on my eBay account, and while I have never suffered any more fraud on eBay this is mainly because my bad first experience dissuaded me from ever selling anything on eBay again. In any case, if I did try to sell something, I am sure my seller reputation rating would be very low

Skype
Around the same time also suffered when somebody gained access to my Skype account. At the time I had set up a facility whereby my Skype credit would automatically get topped up whenever the balance fell too low. I would normally only need to top up my account every few months and so I was surprised to be notified that it was topped up twice in two days.

I investigated this and found that someone was making lots of calls from my account to phone numbers in the UK and Nigeria. Since none of these calls were to numbers I recognise or know, I assume they were fraudulent. I was keen to stop this and so I immediately changed the password on my account (it was already an obscure and hard to guess password) and cancelled the instruction to automatically top-up so that my exposure would be limited to the current balance. This stopped the flow of calls being charged to my account.

I tried to make contact with Skype customer support to inform them what happened and have them investigate further. However, they showed no interest in making any enquiries. I am surprised at this because I would assume that the people involved ate still defrauding Skype customers. The amount of money I lost was not very significant, but I must admit that my opinion of Skype and their security controls was damaged by the way they reacted (or failed to react) to this incident.

Twitter
Earlier this month some malicious
individuals gained access to my Twitter account. I am not sure exactly
who gained access, but it seems that they used the access to send some
strange Direct Messages with links to malware to my Twitter followers.

The
first I knew about this was while I was out in a pub with a friend and I
started getting messages from friends querying why I was sanding such
strange Twitter messages. I decided to postpone investigating until I
returned home, but when I got home I already had an email from Twitter
customer support saying that they noticed suspicious activity on my
account and had disabled it. The email had a helpful link to
instructions on how I could change my password and re-enable my account.

Overall
the impact on me was relatively minor and I must say I was impressed
with the speed and efficiency with which Twitter dealt with the issue.

Overall
I took a few lessons from these incidents:

Malicious people will try to gain access to your online accounts even when there is no direct potential to steal money with this access (e.g. Twitter).

Different online companies have a very different level of reaction to abuse of accounts on their system.

When you are a victim of fraud, you can end up being seen by companies as of dubious honesty. This is just a sad fact of life.

It is always important to stop malicious people gaining access to your account, but it is more important if their is a potential for this access to cost you money.

2 comments:

Wow. My one incident was someone hijacking my phone line in 1999, there was a bill of ~400$. But this didn't happened on the internet though.The thing that scares me the most are key loggers, both on the PC and in Android. Any piece of software you install has the potential to log every key stroked you make, plus screen shots, etc. It usually gets uploaded to a central dump site, and the hacker then sales access to whomever is willing to pay.Who knows maybe that's what happened to you.Be safe.

About Me

Brian O'Donovan is currently employed by IBM as a Software Engineer. He is based in the IBM Ireland Development Lab in Mulhuddart on the outskirts of Dublin. Click here to read Brian's CV online or click here for a PDF version.

The views expressed here are entirely personal and do not in any way represent the position of IBM.